Jack Wallen believes that the new year holds a great deal of promise for the Linux OS and open source software — from an explosion in the mobile arena to large-enterprise scalability to widespread adoption of OpenOffice 3. See if you agree with his outlook.

2009 is here. And for people like me, that means it's time to put together not a "year in review" but a "year in preview." I don't like to look back; I like to look ahead. So I offer you this list of what I see in the year to come for the Linux operating system and open source software.

#1: Android

I think 2009 is going to see the Android mobile operating system finally showing Apple and the iPhone that there is, indeed, another game in town. So far, we really only have the T-Mobile G1. But waiting in the wings are the Motorola Android phone, the Asus Eee Phone, the OpenMoko GTA02, and an LG Android phone. These are all rumored to be arriving some time in 2009. When they do hit the shelves, things are going to be interesting for the iPhone.
Think about it — an iPhone-like piece of hardware with open source software that anyone can develop for. No more App Store headaches. No more wondering if anyone might ever develop that killer app you need (or waiting for Apple to approve that killer app you need). Add to that the fact that the operating system itself is open, which means when problems arise they will be fixed. Oh, and need I say "copy/paste"? I didn't think so. 2009 will bring an end to the idea that the iPhone is the only smart phone to own.

#2: GNOME vs. KDE

I think 2009 will finally see GNOME rise above KDE as the better Linux desktop. For a long time, GNOME has been suffocated by the presence of KDE 3.x and with good reason — KDE 3.x was an outstanding desktop. KDE 3.x had everything a good Linux desktop should have: user friendliness, stability, flexibility, eye candy. GNOME was trying too hard to be a bad copy of OS X. With the advent of KDE 4 the tables have turned.
This is not just a situation where KDE 4.x is so bad that GNOME, as bad as it is, is better. GNOME 2.24 is good, really good. GNOME has gone a little ways to restoring its roots and allowing a bit more flexibility with the desktop. But more important, GNOME 2.24 has finally found some solid footing. GNOME is now as stable as KDE 3.x ever was. And now that KDE has obviously decided to go down a much less popular route with KDE 4, it is going to have a hard year. More and more people and distributions will drop KDE in favor of GNOME. I realize there is no going back for KDE, but going forward better bring much more promise than this Linux desktop has shown thus far.

#3: Preinstalled

This has come and this has gone, I know. But HP is now promising to get into the "preinstalling Linux game" and that bodes well for the open source operating system. Add to this the ever-rising tide of netbook sales, and preinstalled Linux sales will begin to show improvement and continue to improve throughout the year. This will not be a flash in the pan like we saw with Wal-Mart selling desktops preinstalled to unaware consumers. This time around, people will continue to purchase netbooks with a Linux operating system perfectly matched for the purpose. And look out Microsoft — Canonical (the founders/supporters of Ubuntu) is collaborating with AMD on a version of Ubuntu perfectly matched with the ARM processor (the processor common in netbooks).

#4: Btrfs

Btrfs is the new copy-on-write file system that is focused on fault tolerance, repair, and administration. This file system offers Linux something that other file systems lack: the ability to scale to the level of larger enterprises. Version 1 of this file system should arrive in 2009, which could mean that by the end of the year, distributions could be shipping with a large-scale, enterprise-ready kernel. This is big news for Linux because it will finally have the tools to overcome the biggest hurdle for enterprise adoption.

#5: OpenGL for the masses

This has been a long time coming. In 2008, NVidia released a version of OpenGL 3.0 driver for FLOSS OpenGL. But Mesa didn't. Mesa, however, is back and working on a 3.0-compatible release. I am confident that other chip makers will follow suit. This will bring OpenGL to the Linux community in both proprietary and free sources. Along with this, I can see far easier installations of such 3D desktops as Compiz-Fusion. Can you imagine Compiz-Fusion out of the box? On top of that, Linux will have a much easier time working with the newest video technology. Add to this the new drive to move video subsystems to the kernel level using GEM (Graphics Execution Manager) and KMS (Kernel Mode Setting).

#6: The cloud

I am going to preface this with a big "if." IF cloud computing does finally gain any solid ground, Linux will lead the way. Be it on the server end or the client end, Linux already has the tools it needs to create solid cloud environments. (It has for a long time.) Linux has always been ahead of Microsoft in this respect. And if the cloud actually develops into the storm the media has been predicting, Linux will reap many benefits. I, for one, am a little hesitant to say that the cloud has arrived. Amazon already has a Linux cloud out of beta.

#7: OpenOffice 3

2009 will see far more deployments, taking a chunk out of the Microsoft Office pie. OpenOffice 3 offers a host of new features that are just right for enterprise adoption. But that is not the real kicker. With the economy as it is, companies are doing everything they can to cut costs. One area of quick and painless cost cutting is office suites. And when the typical end user starts to see how little difference there is between Microsoft Office and OpenOffice, the fire will spread rapidly. One of the issues keeping OpenOffice from the top of the charts is visibility. When people know there is a free alternative to Microsoft Office they will use it.

#8: Enlightenment

This one is a bit niche-y, but I have to address it. I believe that 2009 will see the developers of the Enlightenment desktop finally endorse E17 as stable. If you have followed the Enlightenment window manager (my favorite, by the way), you know that E16 has been the default forever and E17 has been the unstable development branch forever. 2009 will see E17 be listed as stable. However, I hope that E16 goes nowhere. The E16 version of Enlightenment is one of the best holdovers from Linux' romantic period. I can still say, "This desktop I am using now is the same as it was when I was using it back in the day." So even when E17 becomes stable in 2009, I hope E16 is always around.

#9: Ubuntu

I see two things happening with Ubuntu. The first is that Ubuntu server will finally be adopted as a viable solution for enterprise server needs. The second is that Ubuntu 9.04 (Jaunty Jackalope) will find its way to the desktop and become the de facto standard of the user-friendly level of Linux operating systems. Ubuntu already has a strong hold on entry-level user installs. With 9.04, Ubuntu will probably deliver the best benchmarking of any desktop Linux ever, as well as the best hardware support. With the possible adoption of EXA acceleration, ATI video cards will see vastly improved support, and wireless/Bluetooth will include a powering-down feature. Ubuntu 9.04 will give Linux a much-needed push onto the desktop in 2009.

#10: Firefox

This one is quickly becoming a no-brainer. Firefox will, in 2009, finally usurp Internet Explorer as King of Browsers. It's been a long time coming, but the problems Internet Explorer has faced in 2008 will show Firefox reaping the benefits. And I think this time around, it will go well beyond Firefox seeing a jump in usage. Firefox will take the lion's share of the user base away from Microsoft. Because of this, the 'net will become a safer place and fewer bugs will be reported. But by the end of the year, Google will release a mass-appeal-ready version of Chrome, which will chip into both Firefox' and Internet Explorer's pies. The browser wars will be renewed.

Bright future

I think the trends in 2009 are sure to bring a smile to the faces of the Linux and open source communities. What do you think? Is 2009 going to finally be the year of Linux? If so, why?

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25-entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

According to the SANS Institute in Maryland, just two of the errors led to more than 1.5m web site security breaches during 2008.

It is thought that this is the first time the industry has reached agreement on the worst things that can creep into software as it is being written.

More than 30 organisations, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec published the document.

THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS

CWE-20: Improper Input Validation

CWE-116: Improper Encoding or Escaping of Output

CWE-89: Failure to Preserve SQL Query Structure

CWE-79: Failure to Preserve Web Page Structure

CWE-78: Failure to Preserve OS Command Structure

CWE-319: Cleartext Transmission of Sensitive Information

CWE-352: Cross-Site Request Forgery

CWE-362: Race Condition

CWE-209: Error Message Information Leak

CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer

CWE-642: External Control of Critical State Data

CWE-73: External Control of File Name or Path

CWE-426: Untrusted Search Path

CWE-94: Failure to Control Generation of Code

CWE-494: Download of Code Without Integrity Check

CWE-404: Improper Resource Shutdown or Release

CWE-665: Improper Initialization

CWE-682: Incorrect Calculation

CWE-285: Improper Access Control

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CWE-259: Hard-Coded Password

CWE-732: Insecure Permission Assignment for Critical Resource

CWE-330: Use of Insufficiently Random Values

CWE-250: Execution with Unnecessary Privileges

CWE-602: Client-Side Enforcement of Server-Side Security

Source: SANS Institute

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," said Chris Wysopal, chief technology officer with Veracode.

"There appears to be broad agreement on the programming errors," says SANS director, Mason Brown, "Now it is time to fix them."

"We need to make sure every programmer knows how to write code that is free of the top 25 errors."

"Then we need to make sure every programming team has processes in place to find and fix these problems [in existing code] and has the tools needed to verify their code is as free of these errors," he said.

Patrick Lincoln, director of the Computer Science Laboratory at SRI International, told the BBC that if programmers prevented these errors appearing in their code, it would deter the majority of hackers.

"This list is primarily for people who have first responsibility for designing a system. Veteran programmers have probably learnt the hard way whereas a brand new programmer will be making more basic errors."

"The real dedicated serial attacker will probably find a way in even if all these errors were removed. But a high school hacker with malicious intent - ankle-biters if you will - would be deterred from breaking in."

Previously, most advice has focused on vulnerabilities that can result from programming errors. The top 25 list examines the actual programming errors themselves.

The US Office of the Director of National Intelligence, the principal adviser to the President, the National Security Council and the Homeland Security Council also lent their support to the list.

In a statement, they said: "We believe that integrity of hardware and software products is critical for cyber security."

"Creating more secure software is a fundamental aspect of system and network security, given that the federal government and the nation's critical infrastructure depend on commercial products for business operations."

"The top 25 is an important component of an overall security initiative for our country. We applaud this effort and encourage the utility of this tool through other venues such as cyber education."